Adobe Exploit Running Wild

ThreatTrack Security Labs has spotted a new exploit in the wild targeting a known Adobe Flash Player vulnerability.

The vulnerability, CVE-2014-0502, allows remote code execution on Windows, Mac, Linux and Android systems, and it is still being used to infect machines nearly a month after it was identified and posted to the National Institute of Standards and Technology (NIST) National Vulnerability Database.

NIST describes the vulnerability as:

“Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.”

Our team was alerted to the threat today when VIPRE heuristics detected the file cc.swf, delivered via the malicious link hxxp://java-sky.com/swf/cc.swf. At the time of this posting, only 3 of 51 antivirus engines on VirusTotal detect the exploit.

Upon execution, the exploit retrieves a payload from hxxp://java-sky.com/d.exe. We submitted the payload to ThreatAnalyzer for dynamic malware analysis, which revealed sleep calls, code injection, registry changes and the following malicious activity:

Only 7 of 51 antivirus engines on VirusTotal detect the malicious payload at the time of this post.

Defend Yourself

Keep your machines patched. Adobe patches for this vulnerability have been available since Feb. 20, 2014. If you’re looking for automated patching, learn more about VIPRE Business Premium, the small-footprint antivirus with integrated patch management.
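To turn the NVD version ranges quoted above into a patch-status check, here is an added example (not code from the ThreatTrack post or from any ThreatTrack product) that classifies Flash Player and AIR version strings as affected or fixed and lists the hosts in a constructed inventory that still need the patch. The hostnames and installed versions in the sample inventory are assumptions for illustration.

```python
# Added example (not from the ThreatTrack post): classify Adobe Flash Player /
# AIR version strings against the affected ranges quoted from the NVD entry for
# CVE-2014-0502, so an inventory of hosts can be checked for unpatched builds.

def parse_version(s):
    """'11.7.700.269' -> (11, 7, 700, 269); tuples compare lexicographically."""
    parts = tuple(int(p) for p in s.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four dotted components, got {s!r}")
    return parts

def flash_player_vulnerable(version, platform):
    """True if this Flash Player build is in a range NVD lists as affected."""
    v = parse_version(version)
    platform = platform.lower()
    if platform in ("windows", "mac"):
        # Two branches on Windows/Mac: 11.7.x (extended support) is fixed at
        # 11.7.700.269; 11.8.x through 12.0.x is fixed at 12.0.0.70.
        if v < (11, 8, 0, 0):
            return v < parse_version("11.7.700.269")
        return v < parse_version("12.0.0.70")
    if platform == "linux":
        return v < parse_version("11.2.202.341")
    raise ValueError(f"unsupported platform {platform!r}")

def air_vulnerable(version):
    """Adobe AIR on Android and the AIR SDK/Compiler are fixed at 4.0.0.1628."""
    return parse_version(version) < parse_version("4.0.0.1628")

def hosts_needing_patch(inventory):
    """Return hostnames whose installed product is still in an affected range."""
    needs_patch = []
    for h in inventory:
        if h["product"] == "flash":
            vuln = flash_player_vulnerable(h["version"], h["platform"])
        else:  # "air"
            vuln = air_vulnerable(h["version"])
        if vuln:
            needs_patch.append(h["host"])
    return needs_patch

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = [
    {"host": "ws-01", "product": "flash", "platform": "windows", "version": "12.0.0.44"},
    {"host": "ws-02", "product": "flash", "platform": "windows", "version": "12.0.0.70"},
    {"host": "mac-01", "product": "flash", "platform": "mac", "version": "11.7.700.275"},
    {"host": "lnx-01", "product": "flash", "platform": "linux", "version": "11.2.202.335"},
    {"host": "droid-01", "product": "air", "platform": "android", "version": "4.0.0.1390"},
]
```

Note that mac-01 on 11.7.700.275 is not flagged: it sits on the extended-support 11.7 branch above its fixed build, which is why the Windows/Mac check has to treat the two branches separately rather than comparing against 12.0.0.70 alone.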

ThreatTrack Security Labs is the power behind the malware analysis, detection and remediation technologies developed by ThreatTrack Security. From facilities in the United States and the Philippines, our team of cybersecurity professionals, malware researchers, engineers and software developers work around the clock to discover and combat Advanced Persistent Threats, targeted attacks, Zero-days and other sophisticated malware. The company develops advanced cybersecurity solutions that Expose, Analyze and Eliminate the latest malicious threats, including its ThreatSecure advanced threat detection and remediation platform, ThreatAnalyzer malware behavioral analysis sandbox, ThreatIQ real-time threat intelligence service, and VIPRE business antivirus endpoint protection. Learn more about ThreatTrack Security.